random

Basic Tutorial

https://kubernetes.io/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro/

Create Cluster
Create Deployment: kubectl run kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1 --port=8080
List Deployments: kubectl get deployments
Proxy for temporary access to API & deployments: kubectl proxy
Pod reachable via proxy at: `http://localhost:8001/api/v1/namespaces/default/pods/$POD_NAME/proxy/
Deployments create Pods (with Containers inside them)

Troubleshooting with kubectl

kubectl get - list resources
- nodes, pods, services, ...
kubectl describe - show detailed information about a resource
kubectl logs - print the logs from a container in a pod
kubectl exec - execute a command on a container in a pod

Expose IPs/Pods: Service
via e.g. LabelSelector
- https://kubernetes.io/docs/tutorials/services/source-ip/
- https://kubernetes.io/docs/concepts/services-networking/connect-applications-service
Create Service while creating Deployments: --expose
otherwise kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080
apply label to pod: kubectl label pod $POD_NAME app=v1

scaling: change number of replicas in a Deployment
autoscaling: http://kubernetes.io/docs/user-guide/horizontal-pod-autoscaling/
kubectl scale deployments/kubernetes-bootcamp --replicas=4

Rolling updates
kubectl set image deployments/kubernetes-bootcamp kubernetes-bootcamp=jocatalin/kubernetes-bootcamp:v2
kubectl rollout status deployments/kubernetes-bootcamp
role back: kubectl rollout undo deployments/kubernetes-bootcamp

Q: Cluster Security

Q: RBAC

Q: User for GitLab AutoDevOps

https://gitlab.com/stefan2904/k8s-experiments/clusters/23057

https://docs.gitlab.com/ee/user/project/clusters/
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
"The account that will issue the service token must have admin privileges on the cluster."
"Ensure the token of the account has administrator privileges for the cluster."
--> https://docs.gitlab.com/ee/user/project/clusters/#role-based-access-control-rbacspan-classbadge-trigger-core-onlyspan

API URL, run kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
List the secrets by running: kubectl get secrets
kubectl get secret <SECRET_NAME> -o jsonpath="{['data']['token']}" | base64 -D
CA certificate, run kubectl get secret <secret name> -o jsonpath="{['data']['ca\.crt']}" | base64 -D

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin-user2
  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin-user2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin-user2
  namespace: kube-system

Ingress IP: https://gitlab.com/help/user/project/clusters/index.md#getting-the-external-ip-address

It looks like you are using a custom Kubernetes Cluster (using minikube, kubeadm or the like). In this case, there is no LoadBalancer integrated (unlike AWS or Google Cloud). With this default setup, you can only use NodePort (more info here: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) or an Ingress Controller. With the Ingress Controller you can setup a domain name which maps to your pod (more information here: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-controllers)

via https://stackoverflow.com/a/44112285/1518225

?:
kubectl create serviceaccount jenkins
kubectl get serviceaccounts jenkins -o yaml
kubectl get secret jenkins-token-1yvwg -o yaml

Q: Liveness Probe

https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/

stefan2904/joplin.md

random

Basic Tutorial

Q: Cluster Security

Q: RBAC

Q: User for GitLab AutoDevOps

Q: Liveness Probe

Screenshots